LightsailのWordPressをhttps化

https化してみました。
httpsに関しては下記を参照:

インスタンスにSSH接続し、以下作業

$ cd /usr/local/bin
$ git clone https://github.com/certbot/certbot
$ cd cerbot
$ ./certbot-auto certonly

./certbot-auto certonly っとコマンドを実行することになるので
/usr/local/bin に置いたが、お好みで。

Requesting to rerun ./certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

2を選択

Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):

ドメイン名を入力

Obtaining a new certificatePerforming the following challenges:http-01 challenge for owatata.comInput the webroot for {ドメイン名}: (Enter 'c' to cancel): /opt/bitnami/apps/wordpress/htdocs/

/opt/bitnami/apps/wordpress/htdocs/
と指定。

Waiting for verification...Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/{ドメイン名}/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/{ドメイン名}/privkey.pem
Your cert will expire on 2020-07-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run 
"certbot-auto renew" 
- If you like Certbot, please consider sup

以下の証明書と秘密鍵が生成される
/etc/letsencrypt/live/{ドメイン名}/fullchain.pem
/etc/letsencrypt/live/{ドメイン名}/privkey.pem

元は /opt/bitnami/apache2/conf/bitnami/bitnami.conf  で設定されているようなので書き換えます。

# SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateFile "/etc/letsencrypt/live/{ドメイン名}/fullchain.pem"
# SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCertificateKeyFile "/etc/letsencrypt/live/{ドメイン名}/privkey.pem"

書き換えたらapacheを再起動

$ sudo /opt/bitnami/ctlscript.sh restart apache

これで https://{ドメイン名} でアクセスしても見れるはず!

コメントを残す

メールアドレスが公開されることはありません。